
Sunday, 23 September 2012

How To Remove Boot.vbs virus

Today my antivirus (NOD32 Security Suite) was creating troubles for me.
Every five minutes, a request to debug the application would appear
because some module of NOD32 would crash and then reload. I have been
using NOD32 for a long time. So I decided to test some other
antivirus. There were two good choices for me: one was Bitdefender
and the second was Kaspersky. The problem was that I didn’t want
to buy either of those. So I decided to use a 6 months trial of Kaspersky Internet Security which will
be more than enough for me to test it. Here is my previous article about
how to get Kaspersky Internet Security trial of 6 months.

I downloaded it and installed it. It began scanning my PC. And to my
amazement, it detected a threat that NOD32 was unaware of!! It was the boot.vbs
virus. I thought it would be better to remove the virus manually rather than
relying on Kaspersky. That way I would learn more. So here are the steps
I took to remove the boot.vbs virus:

Go to Task Manager –> Processes and End the following processes in order:

dxdlg.exe

wscript.exe

Go to Start –> Run –> regedit –> Open the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right hand pane, select Userinit and delete everything except “C:\windows\system32\userinit.exe”

Make sure the processes wscript.exe and dxdlg.exe are not running.

Delete the following files:

C:\Windows\System32\dxdlg.exe

C:\Windows\System32\boot.vbs

In your Windows drive, search for boot.vbs and delete all of them.

In your Windows drive, search for kinza.exe and delete all of them.

Disable System Restore and then Enable it again.

Restart your computer.

Hopefully everything will be cleaner now and your computer will be free from
the boot.vbs virus :-). Please share your experiences.
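
A read-only PowerShell check for the items named in the steps above, useful for confirming after the restart that nothing came back. It is an added example, not part of the original post; the function name `Get-ExtraUserinitEntries` and the sample value are made up for illustration, and the script assumes an elevated prompt so the whole drive can be searched.

```powershell
# Added example: reports leftovers only, it deletes and changes nothing.

function Get-ExtraUserinitEntries {
    param([string]$Value)
    # Userinit is a comma-separated list of programs Winlogon starts at logon.
    # Anything other than userinit.exe in that list is worth a closer look.
    $expected = "$env:SystemRoot\system32\userinit.exe"
    $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -and ($_ -ine $expected) }
}

# Constructed sample value (not taken from an infected machine): shows what
# the function returns when a second program has been appended to Userinit.
$sample = "$env:SystemRoot\system32\userinit.exe,C:\example\extra.exe"
"Sample check flags: $(@(Get-ExtraUserinitEntries -Value $sample) -join '; ')"

# 1. The Winlogon key from the steps above.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $key -Name Userinit).Userinit
$extra = @(Get-ExtraUserinitEntries -Value $userinit)
if ($extra.Count -gt 0) {
    "Userinit still has extra entries: $($extra -join '; ')"
} else {
    "Userinit contains only userinit.exe"
}

# 2. The two processes the steps say must not be running.
Get-Process -Name dxdlg, wscript -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path

# 3. The two files the steps say to delete from System32.
foreach ($file in 'dxdlg.exe', 'boot.vbs') {
    $path = Join-Path "$env:SystemRoot\System32" $file
    if (Test-Path -LiteralPath $path) { "Still present: $path" }
}

# 4. Any remaining copies of boot.vbs or kinza.exe on the Windows drive
#    (-Force includes hidden and system files; unreadable folders are skipped).
Get-ChildItem -Path "$env:SystemDrive\" -Include boot.vbs, kinza.exe `
    -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
```

Sections 2 to 4 print nothing when the machine is clean, so the only expected output is the sample line and the Userinit status line.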